REQUEST FOR PROPOSAL (RFP) - Singapore Airlines · REQUEST FOR PROPOSAL (RFP) Confidentiality: This...

V60 03.04.2018

TR1297: Token Replacement of 26

REQUEST FOR PROPOSAL (RFP)

Confidentiality: This Request for Proposal (RFP) is the property of Singapore Airlines Limited (SIA) and/or its subsidiaries. Any reproduction of its contents (in whole or part) except for the preparation of the Tender must have prior written approval by the designated representatives of SIA and/or its subsidiaries.

Project Title: Token Replacement Tender Number: TR1297 Type of Document: Main (PART 1) Organization: SIA Co. Regn. Number: 197200078R

V60 03.04.2018


TABLE OF CONTENTS TABLE OF CONTENTS ................................. ........................................................................................ 2

EXECUTIVE SUMMARY ........................................................................................................................ 3

INSTRUCTIONS FOR VENDORS .......................................................................................................... 4

ANNEX 1: VENDOR PROFILE MATRIX FOR TR1297 ......... .............................................................. 16

ANNEX 2: TENDER APPLICATION FORM ....................................................................................... 18

ANNEX 3: IPT DECLARATION BY VENDOR/CONTRACTING PARTY .......................................... 19

ANNEX 4: DECLARATION OF PARTICIPATION BY RELATIVES/ASSOCIATED COMPANIES .. 21

ANNEX 5: INDIVIDUAL NON-DISCLOSURE AGREEMENT ............................................................ 22

ANNEX 6: TERMS AND CONDITIONS ON USAGE OF SIA IT RESOURCES .................................. 25

V60 03.04.2018


EXECUTIVE SUMMARY Singapore Airlines Limited (SIA) currently makes use of hardware and soft tokens to securely authenticate its remote users before access to corporate resources are granted. RSA SecurID system, hardware/ soft tokens are deployed for this purpose. The tokens will expire in batches from Oct 2018 onwards and need to be replaced. SIA plans to replace the existing tokens with soft tokens where possible. The proposed solution shall take into consideration aspects such as (including but not limited to) security, user experience, ease of deployment and cost. As this is a major exercise, the successful vendor needs to ensure that the user experience for migration for existing users, onboarding for new users, use of token and offboarding is streamlined and does not inconvenience the staff. Currently, SIA has sixteen thousand (16,000) hardware/soft tokens issued to the following categories of users:

(a) Flying crew (pilots and cabin crew) (b) Ground staff in Singapore and overseas locations (c) Contractors and partners

SIA has plans to deploy up to 20,000 tokens. Vendors are to:

(a) Replace the current tokens with soft tokens where feasible. Feasibility means that the

user of the token will have no issues using the soft token as compared to the hard token.

(b) Implement this solution without impact to SIA operations. (c) Ensure that this solution works with SIA remote access architecture (Checkpoint VPN

and Juniper VPN), Privilege Account Management system using CyberArk, CA Siteminder and IBM Secure Identity Management systems.

In terms of costing, Vendors proposals shall include the following:

(a) Costs for eleven thousand (11,000) soft tokens and two hundred (200) hardware

tokens; (b) Costs for migration for eleven thousand (11,000) users to soft tokens; (c) Costs for additional tokens; (d) Costs for changes to the existing infrastructure components (if any) (e) Costs for new backend infrastructure components (if any); (f) Costs of yearly maintenance (if any).

The costing should include any training costs, training material production costs or documentation costs as well as any potential manual support costs to help with the onboarding/setup process. Vendor to note that initial contract term is of three (3) years with an option to extend it each year for the next two (2) years i.e. (1) + (1) years.

V60 03.04.2018


INSTRUCTIONS FOR VENDORS SECTION 1: DEFINITION OF TENDER DOCUMENTS Tender Documents shall include items listed in the RFP (Part 1 and Part 2 as listed below) as well as all other documents issued prior and after the deadline for Submission of Proposal (tender bid). The Tender Documents and additional materials that may modify or interpret, including drawings and specifications, by additions, deletions, clarifications or corrections will become part of the Contract when executed. All Tender documents and clarifications shall form an integral part of a Contract that is to be entered between SIA and/or its subsidiaries and Vendors. Until a Contract is executed, the Tender Documents shall be binding on Vendors. All Annexes listed within, which form part of this RFP, will be issued accordingly as stated below: (1) Annexes within the Main document are (“Part 1”) : Annex 1 - Vendor Profile Matrix Annex 2 - Tender Application Form Annex 3 - IPT Declaration by Vendor/Contracting Party Annex 4 - Declaration of Participation by Relatives/Associated Companies Annex 5 - Individual Non-Disclosure Agreement Annex 6 - Terms and Conditions on Usage of SIA IT Resources (2) Confidential Annexes (“Part 2”) to be released to eligible vendors after SIA’s acceptance of

the Vendors’ Intent-to-Bid which comprise the Vendor Profile Matrix and Non-Disclosure Undertaking Letter, are listed below:

Annex 7 - Service Level Agreement Annex 8 - Information Security Requirements Annex 9 - Infrastructure and Architecture Standards Annex 10 - Application Maintenance Services (AMS) Annex 11 - Guides Annex 12 - eCourseware Standards Annex 13 - Scope of Work (Detailed) Annex 14 - Glossary Annex 15 - Pricing Table Annex 16 - Standard Contract (“Contract”)

V60 03.04.2018


SECTION 2: SCHEDULE OF EVENTS

EVENT DATE Tender Publication 01 June 2018 • 1 Submission of Intent to Bid By 06 June 2018

12 Noon, Singapore Time Notification of Pre-qualification and release of confidential Annexes

By 08 June 2018 12 Noon, Singapore Time

2 Project Briefing 08 June 2018 2 P.M to 3 P.M SIA Theatrette SIA Training Centre, Storey 01 (Core C) Contact Person – Priyanka Khairnar Contact No. – +65 6541 7908 Email: [email protected]

Questions from Vendors By 13 June 2018, 12 Noon Singapore Time SIA’s Responses to Questions By 15 June 2018 3 Submission of Proposal By 22 June 2018 1200 Noon Singapore Time Appointment of Vendor(s) Within 6 months after submission of proposal

1 Refer to 3.2 Intent to Bid 2 Refer to 3.4 Project Briefing 3 Refer to 3.5 Tender Submission

V60 03.04.2018


SECTION 3: TENDER PROCEDURES 3.1 Eligibility Criteria Annex 1 (Vendor Profile Matrix) should be completed with sufficient information for SIA and/or its subsidiaries to have a good understanding of the Vendor. Please note that it is not acceptable to reference the relevant sections to e.g. websites, financial reports etc. Kindly fill in the required details. Any false or misleading statements found within Annex 1 (Vendor Profile Matrix) could be grounds for disqualification.

• Financial stability and viability • Prior experience in similar projects and industry • Local technical staff strength (to support the application in Singapore)

3.2 Intent to Bid To participate in this RFP, the following is required: (a) Email to [email protected] by the submission deadline:

• Annex 1 (Vendor Profile Matrix) • Non-Disclosure Undertaking (NDU*) Letter duly signed by your authorized signatory

(b) Post or courier to reach SIA within 3 business days of the submission deadline:

• One (1) original set of the Non-Disclosure Undertaking (NDU) Letter duly signed by your authorized signatory

The NDU Letter should be sent to:

IT Procurement & Admin Singapore Airlines Limited SIA Computer Centre 722 Upper Changi Road East Singapore 486854 Attention: Khoon Heng Tuck or Ms. Nirmala Rajakrishnan (Mimi)

*Vendors who already have a signed Non-Disclosure U ndertaking (NDU) Letter or Non-Disclosure Agreement (NDA-CP) Version 2.0, 4 August 2016 with SIA will only need to quote the NDA-CP reference.

*Note: For identification purposes, the cover of th e documents (including the envelopes) MUST be clearly marked with ‘INTENT TO BID’ and the tend er reference number. Vendors will be informed of SIA’s and/or its subsidiaries acceptance of their Intent to Bid and will be given the Confidential Annexes via email. Fulfillment of all the criteria above does not imply SIA’s and/or its subsidiaries acceptance of your intention to bid. No reasons will be given to the unsuccessful Vendors.

3.3 Contact Person If there is a need to seek clarifications, requests should be sent as an attachment in Microsoft Word document to: Project Manager: Ms Priyanka Khairnar Email address: [email protected] ALL communication between the Vendors and SIA and its subsidiaries shall be through the above email address. When submitting questions, the identity of the Vendors’ representative must be clearly indicated. The email shall in such cases, follow the format as stated below:

V60 03.04.2018


(1) Name of vendor; (2) Date of submission; and (3) Document Number e.g. Vendor XXX, 06 May 2005, Document 1 of 1 etc…

as to clearly specify how many email(s) and attachment(s) constitute the full proposal. All questions must be sent to SIA and/or its subsidiaries before the deadline indicated in Section 2: Schedule of Events. SIA and/or its subsidiaries will respond to the questions in writing. All the questions and the corresponding responses prior to the Submission of Proposal date will be made known to all Vendors (where possible) without revealing the identity of the source of the questions. If the solution includes a partnership of service providers, the Prime Vendor will be the sole party that communicates with SIA and/or its subsidiaries during the Tender process. 3.4 Project Briefing Each Vendor is allowed to send a maximum of three (3) representatives to attend the project briefing. Attendees whose organization has not submitted the completed documents stated in Section 3: Tender Procedures, paragraph 3.2 will not allowed to attend the project briefing. Please state the attendees’ details in the Annex 1 (Vendor Profile Matrix). Attendees are required to exchange their NRIC or Passport for the Visitor Pass at the SIA Pass Office of the meeting venue. 3.5 Tender Submission Two (2) set of the Tender Submission is required, i.e., one (1) original and one (1) copy are required. For identification purposes, the cover of the Tender Submission (including the envelopes) MUST be clearly marked with ‘ORIGINAL’ or ‘COPY’ and the tender reference number . In addition, prepare two (2) set of CDs containing the soft copy of your Tender Submission. Label the CDs with "TR1297: Token Replacement" and your organisation’s name ; and put them in an envelope marked “Softcopy of TR1297” . The label on the 1 set of CDs should clearly be marked with 'ORIGINAL'. In case of differences between the soft copy and th e hard copy, the soft copy will prevail. The Tender Submission, comprising the proposal(s) and CDs, should be submitted in sealed envelopes to: The Secretary Tenders Committee Singapore Airlines Limited No.4 Airline Road Changi Airfreight Complex (CAC) Singapore 819825 Vendors should take into account the time required to reach the venue for submission of tender. The time specified in Section 2: Schedule of Events under Submission of Proposal must be strictly adhered to. Overseas Vendors may fax Tender Submission to (65) 6543-1369 but the original Tender Submission must reach the Tenders Committee within three (3) days starting from the Submission of Proposal date as otherwise the Submission will not be valid. Vendors are required to verify receipt of their fax with SIA Legal Department by calling (65) 6541-4045 during Singapore office hour. Overseas Vendors must ensure that ONLY the ‘Tender Application Form’ and all pricing information be faxed. Strictly no online or e-mail submission is permitte d. Late submissions will not be accepted.

V60 03.04.2018


3.6 Evaluation Criteria The proposals will be evaluated based on the following factors (including but not limited): • Company (implementation company)

- Financial Stability - Local Presence

• Functional Requirements - Ability to interface to existing system - Ability for solution to allow hard and soft tokens to co-exist for different users. - Ease of Use in all processes related to the soft/hard token – Provisioning/Deprovisioning,

Usage of Token, token failure management during the above-mentioned processes. - Feasibility of processes to meet service level requirements - Robustness of the process (inclination for errors) - Level of inconvenience caused to staff/vendors when they use the systems proposed by the

vendor for token management. • Implementation

- Implementation Schedule - Project Team Experience - Experience in similar projects - Completeness of Deliverables

• Maintenance & Support - SLA - Warranty

The evaluation process will include telephone calls to your referees (clients) to verify claims made by your company. Reference sites with the closest match to SIA’s and/or its subsidiaries network will be preferred. Do not put referees who will not take calls to veri fy claims made by your company. The shortlisted candidates may be asked to present their Tender Submission on-site at SIA and/or its subsidiaries. SIA and/or its subsidiaries will provide the necessary facilities for the presentation but all other expenses incurred by the Vendors in making the presentations will be borne by Vendors. 3.7 Conditions for Tender The responses (including clarifications) to this RFP are expected to be included in the Contract should the Tender bid be successful. 3.7.1 General Conditions SIA and its subsidiaries reserve the right to discontinue with the RFP process at any time and make no commitment, implied or otherwise, that the RFP will result in a business transaction with one (1) or more Vendors. SIA and its subsidiaries are not under any obligation to pay Vendors for information received. This RFP does not commit SIA and its subsidiaries to pay for any costs incurred by Vendors in responding to this RFP, nor does it commit SIA and its subsidiaries to procure products and/or contract for services. 3.7.2 Terms of Application Application of Tender by Vendors constitutes acceptance by Vendors of all terms and conditions printed on this form and all other attachments hereto. Upon acceptance of the Tender Documents, Vendors undertake to submit their proposal by the allotted time unless the Vendor(s) declares in writing, prior to the Submission of Proposal date, their intention not to bid for the Tender. If the Vendor is a corporation, the Annex 2 (Tender Application Form) must be signed by an authorized officer of the corporation and stamped with the name of the corporation. No alteration in the Annex 2 (Tender Application Form) is allowed.

V60 03.04.2018


Vendors shall undertake the preparation of their Tender Submission at their own cost including travel to Singapore, if any, during the Tender process. 3.7.3 Tender Amount Numbers shall be stated in writing and in figures. The pricing for the products to be supplied or services to be rendered shall be exclusive of any Goods and Service Tax ("GST"), i.e. prices quoted shall not include any GST component. The amount tendered by the Vendor and filled in the space "TOTAL AMOUNT TENDERED" on the Annex 2 (Tender Application Form) shall be the amount agreed to upon appointment of the successful Vendors. The amount shall not be varied in any way, unless mutually agreed in writing. Unless otherwise provided in any supplement to these instructions, Vendors shall not modify their Tender Submission after the Submission of Proposal date. The price quoted shall be treated as the last price the Vendor is prepared to offer. Vendors should therefore quote their best and last price. Notwithstanding the above, should a change in specifications occur after a Tender has been called and such change may have an effect on price, SIA and/or its subsidiaries may under such circumstances negotiate the price. Vendors may not amend their bid price during the Contract period. Any increase in costs of production or in any other aspect may not be passed on to SIA and/or its subsidiaries by way of an increase in the awarded price or a change in the products and/or services to be provided. Without limitation all permits, licenses, royalties and fees whatsoever claimable by or payable to any person, firm or corporation or government or in connection with an invention or patent used or required to be used in connection with Vendors obligations under this Tender are for the account of Vendors and shall not be charged to SIA and/or its subsidiaries. 3.7.4 Vendors’ Responsibility Vendors shall undertake the preparation of their Tender Submission at their own cost including travel to Singapore, if any, during the Tender process. The Submission of Proposal represents that the Vendors have read and understood the Tender Documents. 3.7.5 SIA’s Obligations to Vendors SIA or its subsidiaries will assist Vendors whenever and wherever possible in determining local conditions and clarification of the Tender Documents. SIA may reject any, part of, or all Tender Submission and waive any informality or irregularity in any Tender Submission received. No reason shall be given to any unsuccessful Vendors for not being awarded the Tender. 3.7.6 Compliance to Requirements, Standards and Gui des Vendors shall comply with all business and technical requirements, standards and guides specified in the RFP unless otherwise stated in accordance with Section 4: Format of Proposal, Part 5: Proposed Solution. Vendors are to comply with industry software development best practices. 3.7.7 Acceptance of Tender SIA and/or its subsidiaries shall not be bound to accept the lowest of any Tender Submission nor is it liable for any claim for whatever costs that may be incurred in the preparation of the Tender. SIA and/or its subsidiaries reserve the right to accept the whole or part of the Tender Submission. 3.7.8 Notification of Vendors All Vendors will be notified of the award as soon as approval by the relevant committee has been given.

V60 03.04.2018


3.7.9 Award of Tender Any sub-contractors or assigned Vendors shall be named within the proposal. SIA and/or its subsidiaries reserve the right to reject sub-contractors or assigned Vendors without giving reasons, whereby the Vendors will have no right to make changes to the final price in terms of compensation and/or replacement. SIA and/or its subsidiaries may, at their discretion, award part of the products and/or services to other Vendors. Vendors are obliged to co-operate with each other including working with SIA’s and/or its subsidiaries’ vendors to deliver a solution that complies fully with the overall system (business and technical) specifications as specified in the RFP. 3.7.10 Contract The successful Vendor(s) shall submit a draft Contract using the Annex 16 (Standard Contract) within one (1) week of request by SIA, failing which SIA may award the Contract to another Vendor. The draft Contract shall incorporate all terms and conditions specified in the Contract plus all other terms and conditions specified in the RFP. Upon signing of the Contract by both SIA and the Vendor shall the Tender be deemed awarded to the Vendor. 3.7.11 Security Deposit Note: Security deposit is mandatory only if the award is over SGD600,000. Upon award of the Tender, Vendors shall furnish a security deposit in Singapore currency equivalent to five percent (5%) of the value of the Contract. If the deposit is below S$2,000.00, the amount shall be paid by a crossed cheque (for local contractors/ suppliers only) or bank draft (for local and overseas contractors/suppliers) in favour of “Singapore Airlines Limited”. Should the deposit be S$2,000.00 and above, a banker's guarantee in SIA’s standard format will be acceptable, provided such guarantee undertakes to meet all claims arising during the period of the Contract. This deposit shall be retained for the duration of the Contract and shall, after damages, if any, have been deducted, be refunded in Singapore currency to the Vendors at the end of the Contract by way of a cheque drawn on a bank in Singapore or by way of return of the banker's guarantee, as the case may be. No interest shall be paid on the deposit and any gain or loss resulting from currency exchange shall be borne by the Vendors. Upon project delay, Vendors shall extend the security deposit for the duration of the extension. 3.7.12 Specimen for Banker’s Guarantee

BANKER'S GUARANTEE (FOR TENDER SECURITY DEPOSIT) 1 In consideration of Singapore Airlines Limited awarding Tender No.______________ to______________________________ of _________________________________ (hereinafter referred to as the `Contractor') and Singapore Airlines Limited not insisting on the full cash security deposit being paid by the Contractor, we the Guarantor hereby guarantees Singapore Airlines Limited the sum of S$ ____________ (“Guaranteed Sum”) being the amount of the Security Deposit required for the due and faithful performance of the said Contract. 2 In the event of the Contractor failing to fulfil any of the terms and conditions of the said Contract, the Guarantor shall indemnify Singapore Airlines Limited against all losses, damages, costs, expenses sustained by Singapore Airlines Limited up to the sum of Guaranteed Sum. The guaranteed sum shall be payable to Singapore Airlines Limited immediately upon demand. 3 The liability of the Guarantor under this Guarantee shall continue for the duration of the Contract period from _________ ('Commencement Date') to __________ (‘Expiry Date’) and the Guarantor undertakes to meet all claims arising during the period of the Contract, provided that any claim hereunder should be made not later than three months after the Expiry Date.

V60 03.04.2018


3.7.13 Conformance with Agreed Specifications All works must be carried out in accordance with the Tender Documents that have been agreed to by SIA and/or its subsidiaries and Vendors. All title, ownership and other intellectual property rights in any software customization and related documentation created or otherwise developed pursuant to this Tender vest in SIA. By submitting the Tender, Vendors agrees to assign to SIA any intellectual property rights that subsist in or arise from the deliverables of any software customization and related documentation created or otherwise developed pursuant to this Tender. 3.7.14 Gifts, Inducements and Rewards Vendors are advised to refrain from offering gifts and rewards in any form or manner to any SIA employee in relation to the obtaining or execution of any contract with SIA, whether or not the like acts are performed by the Vendors or persons acting on his/their behalf with or without the knowledge of the Vendors. SIA shall terminate the Contract, forfeit the deposits and debar the Vendors for any appropriate period of time if it is proven that the Vendors has offered and/or given gifts and rewards in obtaining or in execution of any contract. 3.7.15 Date Compliance The Services and/or Hardware and/or Software are and will be free from date compliance problems and the performance or the functionality of the Services or obligations to be performed under the Tender and Contract shall not be affected, impeded or interrupted by the entry or processing of any data value or date dependant function, whether such date is past, current or future. 3.7.16 Payment Terms/Scheme Vendors will follow the Payment Terms/Scheme as stated below: Upon signing of Formal Contract 10% of Tender Amount Upon acceptance of User Acceptance Tests (UAT) 35% of Tender Amount Upon cutover and after onboarding of users 30% of Tender Amount Upon end of Warranty Period 25% of Tender Amount SIA and/or its subsidiaries have the right to terminate the Contract signed between SIA and/or its subsidiaries and the Vendors at any time giving thirty (30) days prior written notice. Should this occur, SIA and/or its subsidiaries will pay for work rendered up to date of termination.

V60 03.04.2018


SECTION 4: FORMAT OF PROPOSAL Each proposal should be structured in a clear, concise, straightforward manner and in accordance with the outline of the respective sections herein. Vendors should exercise care to present only realistic, attainable commitments in their proposal. Vendors shall provide explicit responses of compliance or non-compliance to any requirements set out in the Tender Documents. In the event of any non-compliance with the Tender Documents, Vendor shall satisfy SIA the extent of its non-compliance with reasons. Where Vendors fail to satisfy SIA in the manner above, the proposal is liable to be rejected. Notwithstanding the above, by submitting the proposal, Vendors agree to fully comply with the following RFP documents (“Non-negotiable RFP ”):

• Section 3: Tender Procedures • Annex 5: Individual Non-Disclosure Agreement • Annex 6: Terms and Conditions on Usage of SIA IT Resources • Annex 8: Information Security Requirements • Annex 9.1: Infrastructure and Architecture Standards • Annex 9.2: IT Operations Standards and Guides • Annex 11: Guides

SIA reserves the right to exclude a proposal if it contains any ambiguities or lacks clarity. Part 1: Tender Forms All Forms stated below must be presented in the format listed herewith and signed by an authorized signatory. Enclose within:

1. Annex 3 (IPT Declaration Form) 2. Annex 4 (Declaration of Participation by Relatives/Associated Companies)

The Forms stated above, to comply with Chapter 9A of the Listing Manual of the Stock Exchange of Singapore – Interested Person Transactions (IPT), declare whether your company is affiliated with Temasek Holdings Pte Ltd (owned by the Government of Singapore) or any of its subsidiary/associated companies. Part 2: Non-Disclosure Undertaking (NDU) Letter Enclose a copy of the duly signed NDU Letter in this part. SIA and/or its subsidiaries reserve the right to share your response to the RFP with its advisors, if required. Before commencing work for SIA and/or its subsidiaries, employees/subcontractors of appointed Vendors will also be required to sign “Annex 5 (Individual Non-Disclosure Agreement)” and undertake to abide the “Annex 6 (Terms And Conditions on Usage of SIA IT Resources)” if such employees/subcontractors of the appointed Vendor(s) are required to use SIA equipment. Note: Vendors must have Non-Disclosure Agreement(s) with their contractors. Part 3: Vendor Profile Matrix Enclose the completed Annex 1 (Vendor Profile Matrix) in this part. Please note that it is not acceptable to reference the relevant sections to e.g. websites, financial reports etc. Kindly fill in the required details.

V60 03.04.2018


Part 4: Executive Summary Summarise the salient points of your proposal in no more than two (2) pages. Briefly describe your proposal and how it will meet the requirements of the RFP. Part 5: Proposed Solution The proposal should reflect the full understanding of all sections within the RFP. In respect of the following RFP documents, Vendor shall provide explicit point-by-point responses of compliance or non-compliance in the form of a compliance table as set out below: Annex 7: Service Level Agreement Annex 10: Application Maintenance Services (AMS) Annex 13: Scope of Work (Detailed) Annex 16: ** Contract/Term Sheet FORMAT OF VENDOR’S COMPLIANCE TABLE

Para. No. SIA Requirements Compliance (Y/N)

Remarks

2.14 Award of Tender 2.14.1 Any subcontractors or assigned

Vendors shall be named with the Tender Submission. [SIA] reserve the right to reject subcontractors or assigned Vendors without giving reasons, where Vendors will have no right to make changes to the final price in terms of compensation and/or replacement.

Y

Vendor(s) may include any additional information deemed necessary to support their proposal, and explain how the proposed system would handle each requirement.

Vendors should enter a “Y” (Yes) or “N” (No) to indicate if it complies with the RFP requirement as written.

Vendors who do not comply with an RFP requirement exactly as written must enter an “N” in the “Compliance (Y/N)” column. Vendors must accordingly give their counter-proposal in the “Remarks” column to clearly indicate the changes to the original RFP requirement. Where a Vendor fails to indicate compliance against any RPF requirement, it shall be deemed that the Vendor complies with the RFP requirement exactly as written and the Vendor’s proposal shall be evaluated accordingly. For each of the RFP requirements which a Vendor has indicated non-compliance, the Vendor is to state in the “Remarks” column and Pricing Table the addition cost, if any, for the Vendor’s full compliance with the RFP requirements. If the Vendor does not provide the respective cost statement, it will be deemed that the Vendor’s response is non-negotiable, and the Vendor’s proposal shall be evaluated accordingly.

V60 03.04.2018


For the avoidance of doubt, SIA reserves the right to refer to the compliance table for the purposes of interpreting Annex 13: Scope of Work (Detail) or any other compliance table (hereinafter collectively referred to as “Compliance Tables ” submitted by the Vendor(s) pursuant to the RFP. References to the Contract shall include a reference to the Compliance Tables and the Contract shall be construed and interpreted accordingly. For the avoidance of doubt, “compliance with the RFP requirements” shall mean strict adherence to the clause with no amendments. Describe how other Vendors or Vendors products, if any, will be integrated into your solution processes. Describe the approach, processes and methodologies that you will be using in the system you are proposing. Proposal should include:

• Brief Product Overview • Brief overview of Proposed Solution and list of deliverables. • Explanation of the various use cases for migration and token management (which includes

provisioning and de-provisioning) for existing staff, new staff, or vendor as well as administrator of the token system.

• Explanation on the user experience of the staff/vendors in each process. • Explanation on how the processes described can meet service levels. • Explanation for both success and failure cases in the process. • Explanation on how the solution fulfills the operational processes related to token management. • Explanation showing how the solution fits into SIA’s environment and modes of integration.

Untried/untested integration points should be highlighted in the proposal’s section on risk issues. Any diagram drawn should be concise and easy to understand.

• Security hardening of solution • Solution on interfacing with existing/new systems as defined in the Scope of Work • Hardware configuration and sizing to meet performance and scalability requirements • Explanation on how the setup can be efficiently and effectively tested before going live. • Ways to extend the solution in future to improve user experience in authentication. • Project approach, human and other resources needed from vendor and SIA and their

roles/qualifications, deliverables (e.g. project status etc.) and schedule • Writeup on critical success factors to the project and how vendor will meet them. • Explanation on how vendor will provide timely and effective support to users (local and

overseas) in all scenarios within the stipulated SLA. • List of documents that the vendor will produce to ensure a successful project and effective

support. • Explanation on how the operational setup and training provided will be efficient and effective

for a huge organization like SIA with periodic staff movements across time.

State: • The required configuration of your proposed product, • Whether customization of existing/proposed product is required, keeping in mind that

customization must be kept to a minimum and, • Whether integration with SIA’s other systems is required and if so, how this is proposed. • If proposed system is a package, Vendors should highlight the salient features and describe

the functionalities/features that would meet the functional and technical requirements (e.g. basic, mandatory, optional, value added etc.)

• Explanation on all assumptions and constraints explicitly State the time frame and schedule, from initiation till completion, for delivery of each (where possible) of the requirements. Software warranty will be for a six-month period, commencing from the date of system operational launch.

V60 03.04.2018


Specify the notification period for commencement of any future development work. Part 6: Prior Experience Vendors must provide extensive details of a minimum of two (2) projects, which they have relevant experience in. These must be similar to the nature of this Tender. Referees for these 2 projects must be contactable and willing to discuss on vendor per formance, else the project cannot be cited as prior experience. Part 7: Pricing/ Payment Terms and Tender Applicati on Form

1. For work covered in this RFP, Vendors must submit the following documents as separate documentation from the other parts of the proposal:

a. Annex 2 (Tender Application Form), b. Annex 15 (Pricing Table) – please provide price breakdown where possible

Vendors may be required to maintain and support the application/product for an initial contract term of three (3) years with an option to extend it each year for the next two (2) years i.e. (1)+(1) year, after which there will be a handover to the SIA team. Please quote up to a timeframe of five (5) years. Software licenses and maintenance must be fixed for five (5) years and subsequent annual increase pegged to the CPI in Singapore subject to a maximum increase of one percent (1%), whichever is lower. Provide a standard man-day rate to be used in the commercial proposal for all future application development work. This standard man-day rate will be effective for the duration of the Contract. Any assessment of Change Requests effort must be made free-of-charge to SIA and/or its subsidiaries. All prices should be quoted in Singapore Dollars (SGD) with validity period of twelve (12) months from the deadline for Submission of Proposal. If there is re-quote, the 12-month validity shall be from the date of re-submission of quote. Vendors shall bear any withholding tax, if applicable. SIA reserves the right to award the RFP in whole, part or not at all.

V60 03.04.2018


ANNEX 1: VENDOR PROFILE MATRIX FOR TR1297 Please complete the Matrix briefly (URLs are not acceptable). Additional information can be given as an attachment and / or in the relevant parts of your tender proposal.

Category/Section Description Corporate Information

Company’s Name and Address

Year of Incorporation Parent Company Name and Address (if any) Mission and Direction Core Competencies / Business Revenue for the 3 most current year-end periods Net Profit for the 3 most current year-end periods Technology / Business Partner Contact Person’s Name, Job Title, email address, mobile & DID contact no., fax no.

Attendees to Project Briefing (if applicable) A maximum of three (3) representatives are allowed to attend the project briefing. Each organisation being represented must submit the Non-Disclosure Undertaking (NDU) Letter. List the attendees’ name, NRIC / Passport No., nationality, vehicle no. (if any), mobile contact no., job title, and organisation name

Experience Project Experience on implementation and provisioning (or migration to) of RSA SecurID soft/hard tokens

- number of years - number of tokens - state the projects title (a brief description can be

given as attachment)

Relevant Customer Reference - list two (2) references

(must be contactable)

Product Features Solution Overview Technology Platform Years in Market Estimated Market Share Resources Number of Staff Worldwide (only count the ones that can be made available to the project)

- Total - Technical (Consultant, Engineer, etc) - Post Implementation Support

Number of Staff in Singapore (only count the ones that can be made available to the project)

- Total - Technical (Consultant, Engineer, etc) - Post Implementation Support

V60 03.04.2018


Category/Section Description

State the number of staff and the total number of years for each technology skill set / design standard in:

1. RSA SecurID token implementation

Project Management Development Methodology Adopted CMM, ISO or equivalent Certification Information Security and Quality Assurance State whether your organisation has a series of documented Information Security policies and Quality Assurance policies. Existing Information Security policies (Yes / No) Existing Quality Assurance policies (Yes / No)

V60 03.04.2018


ANNEX 2

TENDER APPLICATION FORM

Tender No: TR1297

Application No:

ANNEX 2: TENDER APPLICATION FORM DESCRIPTION / SPECIFICATION To supply hardware and soft token to SIA Group. TENDER CLOSING DATE & TIME 22 June 2018, 1200 Noon Singapore time

The Vendor/Contractor shall upon election be deemed to accept the terms and conditions printed on the RFP and all other attachments herewith.

ESTIMATED DELIVERY COMPLETION TIME To be agreed upon contract

Senior Manager IT Procurement & Admin for SINGAPORE AIRLINES LIMITED

LIQUIDATED DAMAGES PER DAY See “Terms And Conditions” COMPANY NAME AND ADDRESS CONTACT PERSON:

NAME, JOB TITLE AND EMAIL ADDRESS

We accept the terms and conditions as laid down in the RFP and all attachments herewith.

TOTAL AMOUNT TENDERED

S$

Signature, Name, Job Title, and Date

Company Stamp

V60 03.04.2018


ANNEX 3: IPT DECLARATION BY VENDOR/CONTRACTING PART Y Tender No. (TR1297 Token Replacement) (To be completed by a Corporation) To: Singapore Airlines Limited We, ………………………………………………………… hereby declare as follows: (Name of Vendor/Contracting Party)

YES NO 1

We are a company in which _____________________________________ the CEO of SIA and/or *his/her Immediate Family (directly or indirectly) have an interest of 30% or more.

2

We are a company in which ______________________________________ a Director of SIA and/or *his/her Immediate Family (directly or indirectly) have an interest of 30% or more.

3

We are a company in which Temasek and/or its subsidiaries when taken together (directly or indirectly) have an interest of 30% or more.

If answer to paragraph 3 is yes, please also indicate below:

3.1

Whether the shares in your company are held directly by Temasek and/or by Temasek subsidiaries/associates, and name such subsidiaries/associates, if any. ____________________________________________________________________ ____________________________________________________________________

3.2

Whether you are listed, or you are a member of a group of companies listed (name the company which is listed), on the Singapore Exchange Securities Trading Limited or any other exchange (name such exchange, if applicable). If you are, please state the names of the directors and audit committee members of the listed company. ____________________________________________________________________ ____________________________________________________________________

3.3

If the above answer is positive, please provide a list of your directors and the members of your audit committee (if you are listed) or (if you are a member of a listed group) a list of the directors and members of the audit committee of the group committee which is listed. ____________________________________________________________________ ____________________________________________________________________

4.

We are none of the above.

We confirm that the above information is true and correct. We understand that you require the information to comply with Chapter 9 of the Listing Manual of the Singapore Exchange Securities Trading Limited.

Name: …………………………………………. Signature: ……………………………………. Designation: …………………………………… Date: …………………………………………. Note: * Delete as appropriate DEFINITIONS

V60 03.04.2018


“Associate” : (a) In the case of a Director or the CEO if SIA:

(i) his immediate Family;

(ii) the trustees of any trust of which he or his Immediate Family is a beneficiary or, in the case of a discretionary trust, is a discretionary object; and

(iii) any company in which he and his Immediate Family together (directly

or indirectly) have an interest of 30% or more; or

(b) In relation to Temasek:

(i) its subsidiaries; or

(ii) any company in which Temasek and/or its subsidiaries when taken together (directly or indirectly) have an interest of 30% or more.

“Immediate Family” : In relation to a Director or the CEO of SIA: (a) his spouse; (b) his child, adopted child or step-child;

(c) his sibling; and (d) his parent.

“SIA” : Singapore Airlines Limited. “Temasek” : Temasek Holdings (Private) Limited, a company incorporated in Singapore.

V60 03.04.2018


ANNEX 4

DECLARATION OF PARTICIPATION BY RELATIVES/ASSOCIATE D COMPANIES ANNEX 4: DECLARATION OF PARTICIPATION BY RELATIVES/ ASSOCIATED COMPANIES Tender No. (TR1297 Token Replacement ) Vendor must declare whether any associated company, business partner or relatives are bidding in this tender exercise. Vendors who make false declarations will be disqual ified. Please complete the Section which is applicable. Section 1

I declare that I have no associated company, business partner or relative taking part in the tender. Signature

Name & Designation

Company Stamp

Section 2 (Please use new page if space is insufficient.) I declare that the following person/company is also bidding in the tender: No. Name of Person/Company Relationship to Vendor 1

2

3

Signature

Name & Designation

Company Stamp


ANNEX 5: INDIVIDUAL NON-DISCLOSURE AGREEMENT THIS AGREEMENT is made this ___________________ ("Effective Date ") between: Singapore Airlines Limited (UEN 197200078R), a company incorporated in Singapore with its registered office at 25 Airline Road, Airline House, Singapore 819829 (which may where the context allows include any or all of its Affiliates) ("SIA"), and Name of Individual :_______________________________ ____________________________(NRIC/Passport No._____________________) of address: __________________________________________________________________________________(the “Vendor Personnel ”) hereinafter referred individually as "a Party " or collectively as "the Parties ".

WHEREAS: A. Vendor Personnel is a/an employee, servant, officer, agent, consultant and/or contractor (as may be applicable) of

Name of Vendor: ______________________ _________________ (Business Registration No._____________________) (“the Vendor ”).

B. As between SIA and the Vendor, for the purposes of facilitating the business dealings, operations, cooperation or discussions, or for the

purposes of performance of obligations under any agreement, or for the purposes of discussions concerning a potential business relationship, or the evaluation or establishment of a potential business relationship, in respect of the procurement, development, implementation and/or maintenance of existing and/or new IT solutions and/or systems for SIA (each a “Purpose ”), SIA may from time to time disclose Confidential Information (as hereinafter defined) to the Vendor. In connection with the foregoing, SIA may from time to time also disclose Confidential Information (as hereinafter defined) to the Vendor Personnel.

C. The Parties agree to the disclosure and use of such Confidential Information on and subject to the terms of this Agreement.

THE PARTIES AGREE as follows: 1. The Vendor Personnel acknowledges that SIA operates in a

highly competitive industry and that any and all information relating to a Purpose, if disclosed (whether directly or indirectly) to a third party without the express authorisation of SIA would have a detrimental effect on the business of SIA. In consideration of being made privy to the Confidential Information (as hereinafter defined), the Vendor Personnel hereby agrees to observe and be bound by the terms of this Agreement.

2. In this Agreement, "Confidential Information " means any

non-public information which, under the circumstances surrounding the disclosure, ought to be regarded as proprietary or confidential to SIA, however recorded, preserved or disclosed and whether or not marked as confidential or private, of SIA that SIA discloses to Vendor and/or Vendor Personnel, and shall include but is not limited to: a. information, Personal Data, knowledge and data,

whether or not in relation to a Purpose and howsoever obtained or disclosed or accessed, including copies and reproductions thereof in which SIA has a business, proprietary or ownership interest or has a legal duty to protect, which SIA considers to be confidential and/or which is identified by SIA as confidential and/or any information which a reasonable third party acting in good faith would recognise as being confidential in nature;

b. SIA Data; c. any information relating to SIA’s business, affairs,

customers, clients, suppliers, plans, intentions, or market opportunities;

d. SIA’s operations, processes, product information, know-how, designs, trade secrets or software;

e. the fact that discussions and negotiations are taking place concerning the Purpose and the status of those discussions and negotiations; and

f. any information or analysis derived from the foregoing.

"SIA Data" includes any information belonging to SIA or provided by SIA for a Purpose which includes but is not limited to all data, information and computer programs provided by or derived from third parties whether concerning flight schedules, customers, suppliers, operational data, billing

information or otherwise, and Personal Data (of passengers or otherwise), as well as all compilations or databases containing such data and information. “Affiliate ” in relation to SIA means SIA's related or associated companies and such entities which SIA controls, directly or indirectly. For the purposes of this Agreement: (a) "associated company " shall mean any entity in which at least 20% but not more than 50% of its shares are held by SIA or the Singapore Airlines Group, and (b) the expression "control " in the relevant context shall mean either (i) control of at least 50% of the issued share capital of an entity; (ii) control of at least 50% of the voting rights attached to the shares of the issued share capital of an entity, (iii) control of the composition of the board of directors of an entity, or (iv) undertaking or control of the management and/or operation of the business of an entity.

3. The Vendor Personnel hereby agrees to use the Confidential

Information only for a Purpose and for no other purpose whatsoever and hereby undertakes that the Confidential Information shall only be disclosed to Vendor’s employees, servants, officers, agents, consultants and contractors on a need-to-know basis for a Purpose.

4. The Vendor Personnel further agrees to keep the Confidential Information in strictest confidence and treat with the same degree of care it extends to Vendor’s own Confidential Information (such care not being less than a reasonable degree of care), agrees to protect the Confidential Information from unauthorised or inadvertent use, disclosure, dissemination or publication, and shall not, directly or indirectly, use for himself or on behalf of or disclose to any third party except as provided in this Agreement any Confidential Information received from SIA. To the extent that the Confidential Information contains any Personal Data (as hereinafter defined), the Vendor Personnel shall comply with all applicable Data Protection Laws in respect of the collection, use, disclosure or processing of such Personal Data. "Data Protection Laws " shall refer to Singapore’s Personal Data Protection Act 2012 (Act 26 of 2012), whether in force now or to be enacted in the future and as the same may be modified, adapted or supplemented from time to time, and all other applicable laws, regulations, and official interpretations thereof pertaining to Personal Data, personally identifiable data or privacy. "Personal Data " means all information (including for the avoidance of doubt opinions)


which identifies an individual, in any form, whether true or not, about an individual who can be identified from that data or from that data and other information to which the organisation has or is likely to have access, and shall include: (a) all data which is defined to be “personal data” or equivalent under the applicable Data Protection Laws; and (b) all information the collection, disclosure, use or processing of which is subject to Data Protection Laws.

5. The Vendor Personnel expressly understands that the

Confidential Information disclosed by SIA under this Agreement is of a commercially valuable and highly sensitive nature. Vendor Personnel shall inform SIA immediately on becoming aware of any unauthorised use or disclosure of the Confidential Information, and co-operate in every reasonable way to help SIA regain the Confidential Information and use its best efforts to prevent further unauthorised use or disclosure of the Confidential Information. The Vendor Personnel acknowledges that damages alone would not be an adequate remedy for the breach of any of the provisions of this Agreement. Accordingly, without prejudice to any other rights and remedies it may have, SIA shall be entitled to seek the granting of equitable relief (including without limitation injunctive relief) concerning any threatened or actual breach of any of the provisions of this Agreement.

6. The provisions of this Agreement relating to Confidential

Information shall not apply to:

a. Information which at the time of disclosure is in the public domain.

b. Information which becomes part of or enters the public domain other than in breach of this Agreement or other than due to any default, wrongful, unlawful, wilful or negligent act or omission of the Vendor Personnel and/or Vendor or any of its employees, servants, officers, agents, consultants and contractors involved for a Purpose.

c. Information which was known to the Vendor Personnel and/or Vendor prior to receipt from SIA provided such prior knowledge can be adequately substantiated by documentary evidence antedating the disclosure by SIA.

d. Information which has been independently developed or obtained by the Vendor Personnel and/or Vendor, or obtained by the Vendor Personnel and/or Vendor from a third party other than in breach by either of them of their respective obligations to maintain confidentiality.

e. Information which is required to be used or disclosed by reason of any law, governmental or other regulations or the requirements, orders, directions, instructions or notices of any regulatory authority including any stock exchange, provided however that the Vendor Personnel shall promptly notify SIA of such requirements and shall use its best efforts to limit the scope of the use or disclosure.

7. All Confidential Information is delivered “as is”. Vendor

Personnel acknowledges that except as expressly set forth herein, (a) SIA has not made any promise to the Vendor Personnel, express or implied, upon which the Vendor Personnel is entitled to rely in any way; and (b) the Vendor Personnel specifically waives and disclaims any reliance, dependence or action based on any written or verbal statement or promise made by SIA to the Vendor Personnel and/or Vendor. The Parties understand that SIA does not have any obligation to provide Confidential Information to the Vendor Personnel, that SIA does not make any representation or warranty with respect to the accuracy or completeness of the Confidential Information, and that SIA shall not be liable to the Vendor Personnel for any loss or damage resulting from the use of or reliance on any of the Confidential Information, except as otherwise provided in a formal written agreement executed between the Parties for a Purpose.

8. Upon termination, abandonment or completion of any Purpose

for whatever reason or upon termination of this Agreement, the Vendor Personnel shall not make further use of the Confidential

Information related to such Purpose and shall return all of the Confidential Information to SIA, including all copies or reproductions, extracts, summaries or notes, or destroy the same in accordance with the directions of SIA and certify the same have been destroyed. SIA may at its sole discretion notify Vendor Personnel that a Purpose has been terminated, abandoned or completed.

9. SIA may, at any time direct the Vendor Personnel to return all

Confidential Information to SIA, or part thereof, and not to make further use of the Confidential Information to be returned. Upon receipt of such directions, the Vendor Personnel shall promptly deliver the requested Confidential Information without retaining any copies or excerpts thereof to SIA. If the requested Confidential Information are still required by the Vendor Personnel to perform their services for the project, then in such event, both Parties shall endeavour to obtain alternative information from other sources so that the Vendor Personnel can proceed with the performance of their services.

10. Subject to Clause 11, unless expressly assigned to the other

Party, whether in this Agreement or in some other document made between the Parties, all Intellectual Property Rights (as hereinafter defined) belonging to the respective Parties shall remain vested in the Party concerned. Except as expressly provided for under Clause 11, the Parties do not intend for this Agreement to grant any right (license or otherwise) in or to any Confidential Information. Vendor does not acquire any rights in any Confidential Information, except the limited right to use Confidential Information for the Purpose. SIA has no obligation to purchase any products or services from the Vendor. "Intellectual Property Rights " includes in Singapore and throughout the world and for the duration of the rights (a) any patents, utility models, copyrights, registered or unregistered trade marks or service marks, trade names, brand names, layout-design rights, registered designs and commercial names and designations; (b) any invention, discovery, trade secret, know how, or confidential, business, scientific, technical or product information; (c) any other rights resulting from intellectual activity in the commercial, industrial, scientific, literary and artistic fields and whether dealing with manufactured products or services; and (d) any letters patent, deed of grant, certificate or document of title for any thing referred to in paragraphs (a), (b) or (c) of this definition.

11. All Intellectual Property Rights comprised in any and all

materials (including software, source code, documentation, data, concepts and ideas) or any part thereof created or developed (whether jointly or independently by either Party) in connection with any Purpose(s) (collectively, the "Foreground IP") shall, unless otherwise expressly agreed between the Parties, be deemed to be irrevocably assigned to and shall vest in SIA upon creation without further charge. If required by SIA, Vendor Personnel shall do all things and sign all documents necessary to vest all such Intellectual Property Rights assigned or otherwise transferred or granted to SIA under this Agreement.

12. Vendor Personnel shall indemnify and hold harmless SIA and

its related and associated companies in full from and against all actions, proceedings, claims, damages, liabilities, settlement sums, charges, losses, costs and expenses (including without limitation, legal costs and expenses and costs of other professionals and any penalties or other amounts levied, imposed or charged by any regulator or regulatory authority) arising out of or in connection with any claim or action by any third party against SIA for actual or alleged infringement of the Intellectual Property Rights in connection with the Foreground IP. This Clause 12 shall survive the termination of this Agreement.

13. The Vendor Personnel shall not assign his benefits, rights and

obligations under this Agreement to any third party without the prior written consent of SIA. Subject to the above limitation, this Agreement will inure to the benefit of and be binding upon the Parties, their successors and assigns.

14. If for any reason any provision or part thereof of this Agreement

is found to be unenforceable, such provision or part thereof shall


be deemed to be severed from this Agreement and the remainder of the Agreement shall remain in full force and effect and may be enforced to the fullest extent possible.

15. This Agreement shall not be modified except by a written

agreement dated subsequent to the date of this Agreement and signed by both Parties. None of the provisions or part thereof of this Agreement shall be deemed to have been waived by any act or acquiescence on the part of SIA, its agents or employees, unless by an instrument in writing signed by both Parties. No waiver of any provision of this Agreement shall constitute a waiver of the same or any other provision(s) in this Agreement on another occasion.

16. The provisions of this Agreement shall be governed by and

construed in accordance with the laws of the Republic of

Singapore and the Parties hereby submit to the exclusive jurisdiction of the Courts of the Republic of Singapore.

17. This Agreement shall come into effect on the Effective Date and

shall remain in full force and effect in perpetuity (notwithstanding the completion, abandonment or termination of any Purpose) unless earlier lawfully terminated, provided that any provision of this Agreement which expressly or by implication is intended to come into or continue in force on or after termination of this Agreement shall survive and continue to be binding on Vendor Personnel indefinitely following termination. This Agreement may be terminated by mutual agreement of the Parties.

SIGNED SIGNED For and on behalf of Singapore Airlines Limited

SIA Project Manager Name of Project:___________________________

Name of Vendor Personnel

Signature:________________________________

Signature: ________________________________

Name: _________________________________

Name: : _________________________________

Job Title: __________________________________

Job Title: : __________________________________

V60 03.04.2018


ANNEX 6: TERMS AND CONDITIONS ON USAGE OF SIA IT RE SOURCES Pursuant to __________________________________________________ Agreement dated _______________________ (“Agreement”) between _________________________________________________ < Company > and SIA, this letter is to confirm your said engagement by SIA will be subject to the terms and conditions of the Non-Disclosure Agreement dated _________________________ signed between ______________________________________________________________ < Company > and SIA, and the following terms and conditions (which is not exhaustive).

In the performance of the services set out in the Agreement and to any and all other IT resources that SIA may have in future, you are advised and you agree and undertake to strictly adhere to the following terms and conditions (“T&Cs”): (A) GENERAL 1. You agree and shall:

a. endeavour to strictly comply with SIA’s security policies when using or accessing SIA’s IT resources including but not limited to, e-mail, intranet, and applications.

b. protect the confidentiality of the PIN(s) or password(s) assigned to him/her at all times, and ensure that the same is not revealed or disclosed in any manner whatsoever to any person or persons whomsoever, within SIA or outside.

c. use the IT resources strictly for official company business only, and will be responsible to ensure that resources will be used for the purpose intended for.

d. acquire, install and use licensed and authorised software by SIA only, and in a manner permitted by the license. e. be responsible for the data accessed, retrieved, changed, stored or transmitted through any of the company’s IT

resources. f. inform SIA ([email protected]) as soon as possible if they suspect that there is an IT security breach or

when they experience an IT security breach. g. return to SIA all documents, papers, memoranda, software, hardware and any other property that you obtained from or

prepared for SIA during the course of your engagement in SIA. You further undertake not to retain or make a copy such material or any part thereof, nor will you reconstruct such material based upon any confidential information known to you during your engagement with SIA.

2. You shall under no circumstances:

a. use SIA’s IT resources for i. private purpose, social or any unlawful purposes such as, but not limited to, vice, gambling or other criminal purposes; ii. sending to or receiving from any person any messages which is offensive on moral, religious, communal or political

grounds, or is abusive or of an indecent or menacing character; iii. making defamatory statements about any person, party or organisation; iv. circulating "chain letters" or spreading rumours; v. distributing third party copyright materials; vi. distributing trade secrets or sensitive corporate information which may cause damage to the organisation, financially or

otherwise; or vii. persistently sending messages without reasonable cause or for causing any threat, harassment, annoyance,

inconvenience or needless anxiety to any person whatever. b. engage in system activities that may in any way, result in inconvenience to other users of the system, or compromise

the security of SIA’s systems and network. Any attempts to crash the system, introduce malicious codes including but not limited to viruses and trojan horse, gain unauthorised access, sabotage other systems using account or resources on SIA’s system and network, or any other malicious attempts that cause any form of system damage to SIA’s systems and network are all acts deemed as violations of these T&Cs.

c. attempt to or break the security mechanism which has been installed on SIA’s computer equipment. d. gain access or attempt to gain access to any computer system, information or resources without authorisation by the

owners or holders of the right to such systems, resources and/or information. e. violate intellectual property rights to the information or resources available. f. make any copy or copies of any program/software that has been installed on your computer other than for backup or

archival purposes. g. download to the desktop or server any software that is subject to distribution limits. h. transmit or remove confidential systems, applications or information/data from SIA premises without SIA’s approval. i. port or transmit any information or software (into or out of SIA’s network) which contains :

i. a virus, worm or other harmful component; ii. prohibited material as defined by the Broadcasting Act (Chapter 28).

j. attach any unauthorised computer equipment, e.g., modem, to SIA’s PC/workstation. k. connect to an external network using computer equipment, e.g., a modem, while your PC, notebook or similar

computer equipment is logged onto the SIA network. l. bring in to SIA premises personal or <Company> computer equipment such as notebooks with the intention of

connecting on to SIA’s network, without prior authorisation by SIA. In the event such permission is granted, you shall: i. ensure that the notebook is free of malicious codes such as viruses, worms or other harmful components by

installing the latest updated version of an acceptable anti-virus software with its latest signature file on the notebook. Anti-virus software from the following companies are acceptable : McAfee, Symantec, and Trend Micro.

ii. undertake that you will not, under any circumstances, connect to an external network, e.g., through a modem, while you are logged on to the SIA network.

V60 03.04.2018


(B) MISUSE OF SIA IT RESOURCES SIA’s systems are subjected to audit and users should therefore not expect a right to privacy. Any unauthorised access or attempted access may be an offence under the Computer Misuse and Cybersecurity Act and/or any relevant applicable law within and outside Singapore. [For employers only] You undertake that you will ensure that any personnel under your employment and all others under your employment, including any sub-contractors or agents, having access to any of the confidential information and documents or such matters are subject to the same obligations as set out in the abovementioned T&Cs. [For employers only] SIA reserves the right to request the removal of any of your employee from the Project team forthwith and/or terminate the Agreement forthwith if you or any employee or subcontractors or agents commits a breach of or is in non compliance with any provision of these T&Cs. Should SIA request the removal of such employee, you will endeavour to procure a replacement. Any such replacement offered by you shall be subject to SIA’s prior written consent, which consent shall not be unreasonably withheld. I acknowledge and agree that any act or omission which in any way is in contravention with the terms and conditions set out herein is expressly prohibited by law, may result in civil and criminal penalties to which I will be liable.

[For employers only] I further agree that I will at my expense, indemnify, defend and hold harmless SIA from any claim brought or filed by a third party against SIA due to my aforesaid act or omission.

[For employers only] I undertake to pay liquidated damages of a minimum of S$10,000 to SIA if it is established that malicious code has been introduced into SIA’s network or a security breach has occurred, arising from an infringement of these T&Cs. SIA reserves the right to terminate the contract in the event of a serious security breach. The terms set out are acceptable to me, and are hereby agreed to: {PRIVATE} ___________________________________ AUTHORISED SIGNATURE NAME: _____________________________________ DESIGNATION: _____________________________________ COMPANY: _____________________________________ DATE: _____________________________________

REQUEST FOR PROPOSAL (RFP) - Singapore Airlines · REQUEST FOR PROPOSAL (RFP) Confidentiality: This...

Documents

Transcript of REQUEST FOR PROPOSAL (RFP) - Singapore Airlines · REQUEST FOR PROPOSAL (RFP) Confidentiality: This...